Author Topic: http://wpad.browserupdatecheck.in/wpad.dat virus  (Read 21765 times)


REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #60 on: July 03, 2015, 04:41:22 PM »
Hi Sir,

I think it's still showing the errors. Plz find attached the log....

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #61 on: July 03, 2015, 04:46:05 PM »
Lol ... space.... now it will work.  ;D


Code: [Select]
Start
CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
End
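
Added example, not part of the original posts: a read-only PowerShell check that lists, for every loaded user hive, the configured proxy auto-config URL and every string value under the Wpad key that the fix above resets, flagging entries that mention the host from the thread title. The function name Get-WpadFinding and the variable names are hypothetical; AutoConfigURL is the standard Internet Settings value that holds a PAC script URL.

```powershell
# Read-only audit: nothing is modified. Run from an elevated prompt to see all loaded hives.
$SuspectHost = 'wpad.browserupdatecheck.in'   # host taken from the thread title
$Base = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WpadFinding {
    param([Parameter(Mandatory)][string]$Sid)

    $settings = "Registry::HKEY_USERS\$Sid\$Base"
    if (-not (Test-Path -LiteralPath $settings)) { return }

    # Explicitly configured PAC script for this user, if any.
    $pac = (Get-Item -LiteralPath $settings).GetValue('AutoConfigURL')
    if ($pac) {
        [pscustomobject]@{
            Sid = $Sid; Key = 'Internet Settings'; Name = 'AutoConfigURL'
            Value = $pac; Suspect = ($pac -like "*$SuspectHost*")
        }
    }

    # Every string value stored under the Wpad key and its subkeys.
    $wpad = "$settings\Wpad"
    if (-not (Test-Path -LiteralPath $wpad)) { return }
    $keys = @(Get-Item -LiteralPath $wpad) +
            @(Get-ChildItem -LiteralPath $wpad -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $value = $key.GetValue($name)
            if ($value -is [string] -and $value) {
                [pscustomobject]@{
                    Sid = $Sid; Key = $key.PSChildName; Name = $name
                    Value = $value; Suspect = ($value -like "*$SuspectHost*")
                }
            }
        }
    }
}

# Walk each loaded user hive, skipping the per-user *_Classes hives.
Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { Get-WpadFinding -Sid $_.PSChildName } |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

An empty table means no PAC URL is configured and the Wpad keys hold no string values for the loaded hives.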

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #62 on: July 03, 2015, 04:57:35 PM »
Hi Sir,

Please find both the log files...


Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #63 on: July 03, 2015, 05:06:02 PM »
Hi rajuvprasad,

And this looks like it. All traces of this boring adware should be gone now.

Now, I would like you to download the corresponding tcpip.reg, run it to allow the registry merge and changes, and then reboot the PC.
http://download.bleepingcomputer.com/win-services/8/Tcpip.reg

NOTICE: This registry key was written specifically for this OS, for use on that particular machine. Running this on another machine may cause damage to the operating system.
« Last Edit: July 03, 2015, 05:09:28 PM by magna86 »

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #64 on: July 03, 2015, 05:37:56 PM »
Hi Sir,

I have run the tcpip.reg and rebooted.

Everything looks OK, but I cannot identify the difference, as since this morning I wasn't seeing the notifications.

Except for the one issue where, sometimes when I click on links in content on any website, some junk pages are getting loaded...
Of course I haven't seen these in the last 1 hr or so; they had been randomly loading up earlier in the day.
Here are those links that opened...

http://games.71box.com/santas-helpers/?host=m.71box.com&locale=en&p=m.71box.com
http://www.71box.com/
http://mobilegames.candyoyo.com/horde-of-evil/?host=m.candyoyo.com&locale=en&p=m.candyoyo.com
http://games.71box.com/connect-me-factory/?host=m.71box.com&locale=en&p=m.71box.com
http://mobilegames.candyoyo.com/rebel-thumb/?host=m.candyoyo.com&locale=en&p=m.candyoyo.com

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #65 on: July 03, 2015, 06:08:21 PM »
Post me fresh ZHP Diag log for re-analysis.

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #66 on: July 03, 2015, 06:39:11 PM »
Hi Sir,

Here is the ZHPDiag log file...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #67 on: July 03, 2015, 06:45:08 PM »
The logs show no adware or malware. Let's perform a quick browser check as well.





Re-run Zoek tool ...

  • Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool. Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
FirefoxLook;
ChromeLook;
  • Click on button.
    Please wait until a log report opens (this may be after a reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #68 on: July 03, 2015, 06:59:36 PM »
Hi Sir,

Here is the zoek-results.log file...

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #69 on: July 03, 2015, 07:52:26 PM »
This log is clean as well. I would ask you to monitor your computer's behavior for a few days and tell me whether avast! alerts still occur.

Then, if all is well, I will perform some post-cleaning process and give you some tips on how to protect yourself better.

REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #70 on: July 14, 2015, 12:17:49 PM »
Hi Sir,

The alerts have completely gone. I haven't seen a single alert of the kind in the last 10 days.

Let me know if you need me to do anything in regards to post-cleaning process.

Once again, Thanks a lot for helping me out.

Offline magna86

Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #71 on: July 14, 2015, 12:20:12 PM »



Glad I could help. Posted logs appear clean and show no signs of active infection. You should be good to go ...

We're gonna remove the tools I used now as well as carry out some further cleaning and security settings. To learn more about how to protect yourself I'll give you a few tips for reading.



The following will implement some post-cleanup procedures:




---     ---     ---     ---     ---


Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds while the program completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.





Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like. These are advanced security tools and should not be used without supervision.



---     ---     ---     ---     ---



Learn how to protect yourself:



=>  In order to stay protected it is very important that you regularly update all of your software and Windows Operating System.

It is important that you visit Windows Update regularly.
How to configure and use Automatic Updates in Windows

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Keeping Java and Adobe updated is a priority.
Download and install latest version of Java
Download and install latest version of Adobe Reader




=>  I recommend that you use one of the fantastic opportunities provided by avast! AntiVirus.

For security protection, an active AntiVirus is required. If you want to reinforce your security setup, I recommend additional security software and utilities:
Download and install Malwarebytes' Anti-Malware and perform 'Threat Scan' from time to time. Malwarebytes will detect and remove all traces of known malware.
Download and install MCShield Anti-Malware Tool to prevent infections transmitted via removable drives.
Download and install Unchecky to keep your checkboxes clear, preventing the installation of additional adware and other PUP bad software.
Download and install AdBlock for safe web browser surfing without annoying and malicious advertising ads.




Extra text for reading:

Please visit and review PC Safety and Security - What Do I Need? for some helpful information.

Please visit FAQ - Answers to common security questions - Best Practices to read tips on how to protect yourself against malware infection.

You may also visit and read What to do if your Computer is running slowly? if you like to read some basic geek stuff.




The specific type of infection:

Meet CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker and similar clones.

More information about this family of malicious software: CryptoLocker Ransomware Information Guide and FAQ
Cryptolocker Ransomware: What You Need To Know and CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ











Stay safe. 


Best Regards,
magna86



REDACTED

  • Guest
Re: http://wpad.browserupdatecheck.in/wpad.dat virus
« Reply #72 on: July 14, 2015, 01:16:58 PM »
Hi Sir,

Thanks a lot for the system protection instructions.

I have run the DelFix. Please find attached the report...